Hi all,
I’d like to build a custom geo-ip based blacklist. I’ve already found that geoip-enrich is required to populate such a geoip-database. However, I am stuck on the custom blacklist part. I can find a way to integrate geoip-enrich within the whitelist, but I would like to do the exact opposite.
Is this at all possible using crowdsec?
Thanks in advance 
Hi
What exactly are you trying to achieve with the blocklist?
Assuming you’re using a bouncer that supports it, you can ban all traffic from China for 4h like this: cscli decisions add --scope country --value CN. CrowdSec would not be the most obvious tool for perm blocklisting as it would always block based on behavior. So if you’re looking to write a scenario that issues ban per country you should take a look at this article.
If you have further questions I would advise you to join our Discord server - the community there is much more active. We also have Discord specific events like workshops, talks and AMAs. The invite link is CrowdSec.
Have a great day
Hi @klausagnoletti ! Thanks for your reply
I have resolved this issue in a different manner, using this guide
Hi!
I want to achieve the same thing. The link is broken, can you elaborate how you did it? Wishes!
FWIW, turning that guide URL into a websearch instead I quickly found Geoip Blocking in Ubuntu 22.04 using iptables :: Blade Server - A Homelabber's Blog - I’ve not yet checked how well this works.